4Setting Up the Administrative Domain

This chapter explains the basic steps involved in setting up an administrative domain. It is assumed that you have read the conceptual overview in "Administrative Domains". This chapter covers the following topics:

Before you set up an administrative domain, ensure you have logged into Oracle Secure Backup as explained in "Starting the Web Tool".

Overview of Administrative Domain Configuration

This section describes the steps involved in configuring an Oracle Secure Backup administrative domain. In many cases, the domain defaults are sufficient, so no additional configuration is required. Steps that are optional are noted.

This section makes the following assumptions:

Reliaty Backup is not currently installed on the hosts in your domain. If you are migrating Reliaty Backup to Oracle Secure Backup, then refer to Oracle Secure Backup Migration Guide.

You have already installed Oracle Secure Backup on a host and configured it as the administrative server. If you have not yet performed this task, refer to Oracle Secure Backup Installation Guide.

You have not yet used the Web tool or obtool to configure your clients, media servers, and tape devices. It is assumed that the only member of your domain is the administrative server.

If you already configured the hosts and devices in your domain, which is a step that you can optionally perform during post-installation as described in Oracle Secure Backup Installation Guide, then skip Steps 3 and 4 in the following procedure.

You are using the Oracle Secure Backup Web tool to configure the domain. "Using the Web Tool" provides an introduction to the Web tool.

You accept the default mode of security described in "Default Security Configuration". In this case no additional security configuration is required. You need only ensure that the hosts with the administrative server and media server roles have sufficient physical and network security.

You can configure your administrative domain in the following steps:

Use the Web tool to log in to the administrative domain as admin. You created this user and set the password when you installed Oracle Secure Backup on the administrative server.

If necessary, configure defaults and policies for the administrative domain. For example, you could configure default media retention values or NDMP authentication information.

In this step you can specify user accounts for unprivileged backup and restore operations. Unprivileged operations run under the specified operating system accounts rather than as root (UNIX/Linux) or a member of the Administrator group (Windows). See "About User Configuration" for more information.

About Defaults and Policies Configuration

In most cases, the policy defaults are sufficient for your administrative domain, so this step is optional. Nevertheless, you can review the defaults and make changes where necessary. Which changes are necessary depends on the specifics of your network environment.

Table 4-1 lists classes of policies that you may want to review or change.

Controls aspects of backup and restore operations. For example, you can set the amount of time that an RMAN backup job waits in the Oracle Secure Backup scheduler queue for the required resources to become available.

Controls aspects of administrative domain security. For example, you can enable SSL encryption for backup data in transit or set the key size for host identity certificates. "Configuring Security for the Administrative Domain" explains how to change the default security policies.

Refer to the "Defaults and Policies" appendix in Oracle Secure Backup Reference for descriptions of the policies and valid settings for the classes listed in Table 4-1. Keep this information handy as you review the current policy settings for your domain.

Displaying the Defaults and Policies Page

In the Advanced section of the Configure page, click Defaults and Policies to display the page shown in Figure 4-1. This page lists the policy classes.

Setting a Policy

Before changing a policy setting, refer to the "Defaults and Policies" appendix in Oracle Secure Backup Reference. This appendix contains extensive descriptions of the policies and describes valid settings. Typically, should not need to change the default settings.

To change a policy setting:

In the Policy column on the Defaults and Policies page, click the name of the policy class to be edited. For example, click scheduler.

Change the settings of one or more policies. Refer to the "Defaults and Policies" appendix in Oracle Secure Backup Reference for explanations of the policies.

Choose one of the following:

Click Apply to remain on this page.

Click OK to save the changes and return to the Defaults and Policies page.

When you change a policy setting from its default, the Web tool displays the default value for the policy in the Reset to Default Value column. Figure 4-2 shows the Scheduler page after the backup frequency has been changed to 6 minutes from the default of 5 minutes.

About Host Configuration

Although it is assumed that you have installed Oracle Secure Backup on the network hosts (except filers and other hosts that use NDMP access mode), you have not yet made the administrative server aware of the other hosts in your domain. This section explains how to configure the identity and membership of the hosts in your domain.

For hosts on which Oracle Secure Backup is installed, you can configure attributes such as the following:

Host name

IP address

Role

Host accessibility (whether the host is in service or not in service)

For hosts that use NDMP access mode, you can configure the same host attributes in the preceding list, but also configure the following attributes:

Displaying the Hosts Page

Click Hosts in the Configure page to display the Hosts page, which is shown in Figure 4-4. The Hosts page lists the host name, status, and roles attributed to the host. You can perform all host configuration tasks in this page or in pages to which it is linked.

The name you enter must start with an alphanumeric character. It can contain only letters, numerals, dashes, underscores, or periods. The maximum length of a host name is 127 characters.

The host name must be unique among all Oracle Secure Backup host names.

If you do not configure explicit IP interface names for this host (see the following step), then Oracle Secure Backup considers this host name to be the IP interface name for the host. As such, it must be resolvable through your site's host name resolution system (usually DNS or NIS) to the IP address of a network interface on the host.

In the IP Interface name(s) box, optionally enter one or more IP interface names. Separate multiple entries with a comma.

If you define one or more IP names, then you can specify either resolvable host names or IP addresses. For example, you can use myhost.oracle.com for a host name or 141.146.8.66 for an IP address.

Note:

The use of DHCP to assign IP addresses is not supported for hosts that participate in an Oracle Secure Backup administrative domain. You must assign static IP addresses to all hosts. If you cannot use static IP addresses, then ensure that the DHCP server guarantees that a given host is always assigned the same IP address.

If this box is not empty, then Oracle Secure Backup never uses the user-assigned host name to get the host's IP address; instead, it considers each name in this IP address field until it finds one that resolves to a working IP address. If preferred network interfaces (PNI) are used, then Oracle Secure Backup considers the PNI address first.

If you leave this box blank, then Oracle Secure Backup uses the name you assigned to the host in the previous step as the resolvable IP name for the host.

In the Status list, select one of the following:

in service

Select this option to indicate that the machine is logically available to perform backup and restore operations.

not in service

Select this option to indicate that the machine is logically unavailable to perform backup and restore operations.

In the Roles list, select one or more administrative domain roles for the host. You can select multiple roles. Your choices are the following:

In the Access method box, select an access method for the host (if applicable). Your choices are the following:

ob

Select this option if the host has Oracle Secure Backup installed.

NDMP

Select this option if the host does not have Oracle Secure Backup installed—for example, a Network-Attached Storage (NAS) device—and uses the Network Data management Protocol (NDMP) to perform all backup and restore operations.

Note:

NDMP is an open standard that defines a common architecture for the way heterogeneous file servers on a network are backed up. This protocol permits the creation of a common agent used by the central backup application to back up servers running different operating systems.

If you select ob, then perform Step 9 and then jump to Step 16. If you select NDMP, then skip to Step 10 and perform all subsequent steps.

In Public and private key sizes, select a size for the public/private key associated with the identity certificate for this host.

In the NDMP authorization type list, select an authorization type. The authorization type defines the way in which Oracle Secure Backup authenticates itself to the NDMP server. Typically, you should use the default setting.

Your choices are the following:

default

Select this option to use the value of the Authentication type for the NDMP policy.

none

Select this option to attempt to use the NDMP server from Oracle Secure Backup and provide no authentication data. This technique is usually unsuccessful.

negotiated

Select this option to negotiate with the NDMP server to determine the best authentication mode to use.

In the Username box, enter the name used to authenticate Oracle Secure Backup to this NDMP server. If left blank, then the Oracle Secure Backup uses the name in the NDMP policy.

In the Password list, select one of the following options:

Use default password

Select this option to use the default NDMP password.

Use text password

Select this option to enter a password.

Set to NULL

Check this box to use a NULL password.

The password is used to authenticate Oracle Secure Backup to this NDMP server.

In the Backup type box, enter an NDMP backup type. A backup type is the name of a backup method supported by the NDMP Data Service running on a host. Backup types are defined by each Data Service provider.

In the Protocol Version list, select 2, 3, 4, or as proposed by server.

The NDMP protocol has three public versions, called 2, 3, and 4. Typically, it is acceptable to let Oracle Secure Backup choose the protocol version that the server proposes when the connection is established. If necessary (for example, for testing) you can change the NDMP protocol version with which Oracle Secure Backup communicates to this server.

In the Port box, enter a port number. Typically, the TCP port (10000) in the NDMP policy is used. You can specify another port if this server uses a port other than the default.

Check the Suppress communication with host checkbox if you want to add a host to the administrative domain that is currently not accessible on the network.

Click Apply, OK, or Cancel.

Pinging a Host

You can use the ping operation to determine whether a host is responsive to requests from Oracle Secure Backup.

Ping attempts to establish a TCP connection to the host on each of the IP addresses you have configured for it. For hosts that use primary access mode, connection occurs through TCP port 400; for hosts that use the NDMP access mode, connections occur through the configured NDMP TCP port, usually 10000.

Oracle Secure Backup reports the status of each connection attempt and immediately closes each connection that has been established successfully.

This operation is useful for ensuring that a host is responsive on all of its configured IP addresses.

To ping a host:

From the Hosts page, select a host to ping.

Click Ping.

A status line appears on the page with the results of the operation.

Displaying or Editing Host Properties

To display or edit host properties:

From the Hosts page, select the name of the host whose properties require editing.

Click the Suppress communication with host checkbox to edit a host that is not accessible through the network.

Click Edit.

The Web tool displays a page with details for the host you selected.

Make any required changes to the host properties. If you only want to view the properties, then do not make changes.

Adding Backup and Restore Environment Variables to an NDMP Host

After you configure and create an NDMP host, you can edit the host to add backup and restore environment variables.

To add backup and restore variables:

In the box that displays next to the Backup environment vars or Restore environment vars box, enter a name-value pair.

Click Add to add the name-value pair as an environment variable.

For example, enter A=B or "Name A"="Value B" (if the name or value includes spaces). Select an existing environment variable pair and click Remove to remove the pair.

Configuring Preferred Network Interfaces (PNI)

Multiple physical data paths can exist between a client, which contains primary storage to be backed up or restored, and a server, which controls secondary storage devices that write and read the backup media or serves as the administrative server. The PNI (Preferred Network Interface) specifies the network interface that should be used to transmit data to be backed up or restored.

In the IP Address list, select an IP address or name. The IP address or name identifies the network interface that the clients you select will use when communicating with the server.

Select one or more clients to use this IP address or DNS name from the Host list box.

Click Add.

The Web tool displays the PNI in the IP Address:Host List box.

Removing a PNI

To remove a PNI:

In the IP Address:Host List box, select the name of the PNI that you want to remove.

Click Remove.

Removing a Host

This section explains how to remove a host from an Oracle Secure Backup administrative domain.

When you remove a host, Oracle Secure Backup destroys all information pertinent to that host, including:

Configuration data

Incremental backup state information

Metadata in the backup catalog for this host

Device attachments

Preferred network interface references

Moreover, when you remove a UNIX or Windows host, Oracle Secure Backup contacts that host and directs it to delete the administrative domain membership information it maintains locally. You can suppress this communication if the host is no longer accessible.

To remove a host:

From the Hosts page, select the name of the host that you want to remove.

Check Suppress communication with host to remove a machine that is not connected to the network.

Click Remove.

Oracle Secure Backup prompts you to confirm the removal of the host.

Click Yes to remove the host or No to leave the host undisturbed.

If you selected Yes, then Oracle Secure Backup removes the host and returns you to the Host page.

Renaming a Host

To rename a host:

In the Hosts page, select the name of the host to rename.

Check Suppress communication with host to rename a machine that is not connected to the network.

Click Rename.

The Web tool displays a message box in which you can enter the new name.

Enter the new name for the host in the text box.

Click Yes to rename the host or No to leave the host name unchanged.

If you select Yes, then Oracle Secure Backup renames the host and returns you to the Host page.

Updating a Host

This section explains how and when to update a host. When you add or modify a host in an Oracle Secure Backup administrative domain, Oracle Secure Backup exchanges messages with that host to inform it of its new state. If no communication is possible (such as when you have checked the Suppress communication with host checkbox) during an add or edit operation, then the host contains out-of-date configuration information. Use Update Host to send fresh state information to the host.

Updating is useful only for hosts that use the primary access method. NDMP-accessed hosts do not maintain any Oracle Secure Backup state data and are therefore not eligible for this function.

To update a host:

From the Host page, select the name of the host to be updated.

Click Update.

Configuring Tape Devices

This section explains how to configure secondary storage devices for use with Oracle Secure Backup. This section contains the following topics:

Disable any system software that scans and opens arbitrary SCSI targets before configuring Oracle Secure Backup tape devices. If Oracle Secure Backup has to contend with other system software (such as monitoring software) for access to tape libraries and drives, then unexpected behavior can result.

By adding them manually. See the next step to define devices that cannot be automatically discovered.

Note:

Discovery is a way to learn out about new devices or otherwise unconfigured devices that exist on the host. This technique works only for NDMP devices.

Click Add to add a device.

In the Device box, enter a name for the device.

The name must start with an alphanumeric character. It can only contain letters, numerals, dashes, underscores, or periods. It may contain at most 127 characters.

The device name is of your choosing. It must be unique among all Oracle Secure Backup device names. It is unrelated to any other name used in your computing environment or the Oracle Secure Backup administrative domain.

Select this option to indicate that the device is logically available to perform Oracle Secure Backup backup and restore operations.

not in service

Select this option to indicate that the device is logically unavailable to perform backup or restore operations.

auto not in service

This option indicates that the device is logically unavailable to perform backup or restore operation and is set automatically as a result of a failed operation.

In the Debug mode list, select yes or no. The default is yes.

In the World Wide Name box, enter a world-wide name if one exists for the device.

Oracle Secure Backup supports devices whose operating system-assigned logical names (for example, nrst0a) can vary at each operating system restart. This situation applies to Fibre Channel-attached tape drives and libraries connected to Network Appliance filers. You can refer to these raw devices with their world-wide names (for example, nr.WWN[2:000:0090a5:0003f7]L1.a), rather than their logical names.

This option is most useful for tape drives and libraries attached to Network Appliance filers. Unlike the logical name, the world-wide name does not change across reboots.

Any substring of the attachment's raw device name that is the string $WWN is replaced with the value of the WWN each time the device is opened. For example a usable raw device name for a SAN-attached Network Appliance filer is nr.$WWN.a, specifying a no-rewind, best-compression device having the World Wide Name found in the device object.

The WWN is usually auto-discovered by the device discovery function in Oracle Secure Backup; however, you can enter it manually if necessary.

In the Barcode reader list, select one of the following options to indicate whether a barcode reader is present. A barcode is a symbol code that is physically applied to volumes for identification purposes; some libraries have an automated means to read barcodes, which Oracle Secure Backup supports.

yes

Select this option to indicate that the library has a barcode reader.

no

Select this option to indicate that the library does not have a barcode reader.

default

Select this option to indicate that Oracle Secure Backup should automatically determine the barcode reader using information reported by either the library, the external device file, or both.

In the Barcode required list, select yes or no. If you specify yes, and if a tape in the library does not have a readable barcode, then Oracle Secure Backup refuses to use the tape. This option is configurable for each library.

Typically, Oracle Secure Backup does not discriminate between tapes with readable barcodes and those without. This policy ensures that Oracle Secure Backup can always solicit a tape needed for restore by using both the barcode and the volume ID.

In the Unload required list, select yes, no or default to specify whether or not an unload operation is required before moving a tape from a drive to a storage element.

Typically, you should leave this set to default yes, which means the value comes from the external device table ob_drives. If you encounter difficulties, however, particularly timeouts waiting for offline while unloading a drive, then select no.

Configuring Automatic Tape Cleaning for a Library

Oracle Secure Backup can automatically clean tape drives in a library. A cleaning cycle is initiated either when a drive reports that it needs cleaning or when a specified usage time has elapsed.

Oracle Secure Backup checks for cleaning requirements when a cartridge is either loaded into or unloaded from a drive. If at that time a cleaning is required, Oracle Secure Backup loads a cleaning cartridge, waits for the cleaning cycle to complete, replaces the cleaning cartridge in its original storage element, and continues with the requested load or unload.

To configure automatic cleaning for a library:

In the Auto clean list, select yes to enable automatic drive cleaning or no to disable it. You can also manually request that a cleaning be performed whenever a drive is not in use.

Note:

Not all drives can report that cleaning is required. For those drives, you must define a cleaning interval.

In the Clean interval (duration) box, enter a value and then select the cleaning frequency from the adjacent list. This interval is the amount of time a drive is used before a cleaning cycle is initiated. If automatic drive cleaning is enabled, then this duration indicates the interval between cleaning cycles.

In the Clean using emptiest box, select one of the following options:

yes

Select this option to specify the emptiest cleaning tape, which causes cleaning tapes to "round robin" as cleanings are required.

no

Select this option use the fullest cleaning tape, which causes each cleaning tape to be used until it fills, then the next cleaning tape fills, and so on.

If there are multiple cleaning tapes in a library, then Oracle Secure Backup needs to decide which to use. If you do not otherwise specify, Oracle Secure Backup chooses the cleaning tape with the fewest number of cleaning cycles remaining.

In the Library list, select a library name if the drive is located in a library.

In the DTE box, enter the Data Transfer Element (DTE). DTE is the SCSI-2 name for a tape drive in a library. DTEs are numbered 1 through n and are used to identify drives in a library.

Note:

This option is not available for standalone tape drives.

In the Automount box, select yes (default) or no to specify whether automount mode is on or off. Enable the automount mode if you want Oracle Secure Backup to mount tapes for backup and restore operations without operator intervention.

In the Error rate box, enter an error rate percentage or leave this box blank to accept the default setting. The default is 8.

The error rate is the ratio of restored write errors that occur during a backup job divided by the total number of blocks written, multiplied by 100. If the error rate for any backup is higher than this setting, then Oracle Secure Backup displays a warning message in the backup transcript.

Oracle Secure Backup also issues a warning if it encounters a SCSI error when trying to read or reset the drive's error counters. Some drives do not support the SCSI commands necessary to perform these operations. To avoid these warnings, error rate checking can be disabled by checking None.

In the Blocking factor box, enter the blocking factor or leave this box blank to accept the default setting. The default is 128 bytes.

A blocking factor specifies how many 512-byte records to include in each block of data written to tape. By default, Oracle Secure Backup writes 64K blocks to tape (blocking factor 128).

In the Max Blocking factor box, enter the maximum blocking factor.

The largest value permitted for the maximum blocking factor is 4096. This represents a maximum tape block size of 2MB. This maximum is subject to device and operating system limitations that can reduce this maximum block size.

In the Drive usage box, enter the amount of time a drive has been in use since it was last cleaned and then select the time unity from the adjacent list.

Leave the Current tape box empty during initial configuration. This box will automatically be filled in after an inventory has been taken.

In the Use list group, select one of the following options to configure the use list:

Storage element range or list

Click this button to select a numerical range of storage element addresses. Enter a range in the box, for example, 1-20.

All

Click this button to specify all storage elements. For libraries with single drives, you can select this option to use all tapes.

None

Select this button to indicate that no storage elements have yet been specified. This is the default setting. If you select All or Storage element range or list, then this option is no longer visible.

Oracle Secure Backup allows all tapes to be accessed by all drives. The use list enables you to divide the use of the tapes for libraries containing multiple drives in which you are using more than one drive to perform backups. For example, you might want the tapes in the first half of the storage elements to be available to the first drive, and those in the second half to be available to the second drive.

Click Apply, OK, or Cancel.

Editing Device Properties

To edit the properties for an existing device:

From the Devices page, select the name of the device.

Click Edit.

The Web tool displays a page with details for the device you selected.

Removing a Device

Oracle Secure Backup informs you that the device was successfully removed and returns you to the Device page.

Renaming a Device

To rename a device:

From the Devices page, select the name of the device.

Enter the new name for the device in the text box.

Click Rename.

Oracle Secure Backup prompts you to confirm the removal.

Click Yes to accept the new name.

The Web tool informs you that the device was successfully renamed and returns you to the Device page.

Configuring a Device Attachment

As explained in "Device Names and Attachments", Oracle Secure Backup maintains a distinction between a device and the means by which the device is connected to a host. Each configurable device can have one or more attachments, where each attachment describes a data path between a host and the device. Typically, an attachment includes the identity of a host plus a UNIX device special file name, a Windows device name, or NAS device name. In rare cases, Oracle Secure Backup requires additional information to complete the attachment definition.

Before proceeding to configure the device attachment, refer to the description of the mkdev command in Oracle Secure Backup Reference. The description of the aspec placeholder describes the syntax and naming conventions for device attachments.

To configure a device attachment:

After adding or editing a device, click the Attachments button.

In the Host list, select a host.

In the Raw device box, enter the raw device name. This is the operating system's name for the device, such as a UNIX device special file. For example, a library name might be /dev/obl0 on Linux and //./obl0 on Windows.

Note:

Steps 4 through 8 need to be performed only for certain hosts running certain NDMP version 2 and 3 servers, such as Network Appliance Data ONTAP 5.1 or 5.2.

In the ST device box, enter a device name.

In the ST target box, enter a target number.

In the SCSI device box, enter a SCSI device.

In the ST controller box, enter a bus target number.

In the ST lun box, enter a SCSI logical unit number for the device.

Click Add to add the attachment.

Editing a Device Attachment

To change an existing device attachment on the Attachments page:

In the host:raw device box, select the device attachment you want to change.

Click Edit.

The Web tool displays a page with details for the device attachment you selected.

Make the required changes.

Click Add to change the device attachment.

Removing a Device Attachment

To remove a device attachment from a tape drive or library on the Attachments page:

In the host:raw device box, select the name of the device attachment.

Click Remove.

Displaying Device Attachment Properties

You can display device attachment properties from the Devices page.

To display attachment properties:

Select the name of the device for which you want to view attachment properties.

Click the Show Properties button.

The Web tool displays a page that displays various properties, including device attachments, for the device you selected.

Click Close to exit the page.

Pinging a Device Attachment

Oracle Secure Backup enables you to determine whether a device is accessible to Oracle Secure Backup using a specific attachment.

When you ping a device, Oracle Secure Backup performs the following steps:

Establishes a logical connection to the device

Inquires about the device's identity data with the SCSI INQUIRY command

Closes the connection

If the attachment is remote from the host running the Web tool (or obtool), then Oracle Secure Backup establishes an NDMP session with the remote media server to effect this function.

To ping an attachment from the Attachments page:

In the host:raw device box, select the attachment to ping.

Click the Ping button.

The Web tool opens a new window that describes the status of the attachment.

Click Close to exit the page.

Displaying Device Properties

The Web tool a device is in service, which host or hosts the device is connected to, the device type, and various other details relating to devices.

Note:

If a device is in service, it means the device can be used by Oracle Secure Backup; if it is not in service, then it cannot be used by Oracle Secure Backup. When a device is taken out of service, no more backups are dispatched to it.

To display device properties:

In the Device page, select the name of the device for which you want to display properties.

Click the Show Properties button.

The Web tool displays a page with the properties for the device you selected.

Pinging a Device

Oracle Secure Backup enables you to determine whether a tape device is accessible to Oracle Secure Backup using any available attachment.

Pinging a library causes all of its in service member tape drives to be pinged as well.

To ping a device:

In the Devices page, select a device to ping.

Click the Ping button.

The Web tool displays the status of the operation.

Discovering NDMP-Based Tape Devices Automatically

Oracle Secure Backup can detect changes in device configuration for some types of NDMP-accessed hosts and, based on this information, automatically update the administrative domain's device configuration.

Oracle Secure Backup detects and acts on these kinds of changes:

Devices that were not previously configured but have appeared. For each such device, Oracle Secure Backup creates a new device with an internally-assigned name and configures a device attachment for it.

Devices that were previously configured for which a new attachment has appeared. For each, Oracle Secure Backup adds an attachment to the existing device.

Devices that were previously configured for which an attachment has disappeared. For each, Oracle Secure Backup removes the attachment from the device.

Oracle Secure Backup detects multiple hosts connected to the same device by comparing the serial numbers reported by the operating system. Oracle Secure Backup also determines whether any discovered device is accessible by its serial number; if so, it configures each device attachment to reference the serial number instead of any logical name assigned by the operating system.

To discover a device:

In the list of hosts, select the name of an NDMP host.

Click Discover.

The Web tool displays a message in the status area, which can also be a message stating that no changes to device configuration are discovered.

Click OK to return to the Devices page.

Configuring Classes

As explained in "Oracle Secure Backup Classes and Rights", a class defines a set of rights that are granted to a user. A class can include multiple users, but each user is a member of one and only one class.

In most cases, the default classes are sufficient. Refer to Oracle Secure Backup Reference for a complete account of the rights that belong to each class.

In the Class box, enter a name for the class. The name you enter must start with an alphanumeric character. It can contain only letters, numerals, dashes, underscores, or periods. The maximum character length is 127 characters.

The class name is of your choosing. It must be unique among all Oracle Secure Backup class names. It is unrelated to any other name used in your computing environment or the Oracle Secure Backup administrative domain.

Select the rights to grant to this class. Refer to the "Classes and Rights" in Oracle Secure Backup Reference for a detailed explanation of these rights.

Click Apply or OK.

Editing a Class

To modify existing classes, you must have the modify administrative domain's configuration right. When you change the class that a user belongs to or modify the rights of such a class, the changes do not take effect until the user exits from the Oracle Secure Backup component that he is currently using.

To edit a class:

In the Class Name box, select the name of the class that you want to edit.

Click Edit.

The Web tool displays a page with details for the class name you selected.

Make any required changes.

Click Apply or OK.

Removing a Class

You cannot remove a class to which any users currently belong. Instead, you need to reassign or delete all existing members of a class before the class can be removed.

To remove a class:

In the Class Name box, select the name of the class to be removed.

Click Remove.

A message prompts you to confirm the removal of the class.

Click Yes to remove the class name or No to leave the class undisturbed.

A message appears in Status box telling you whether the class was successfully removed.

Renaming a Class

To rename a class:

In the Class name box, select the name of the class that you want to rename.

Click Rename.

A message prompts you to confirm the renaming of the class.

In the text box, enter the new name for the class.

Click Yes to rename the class name or No to leave the class undisturbed.

A message appears in Status box telling you the result of the operation.

Displaying Class Properties

To display the properties for a class:

In the Class Name box, select the name of the class whose properties you want to display.

Click Edit.

The Web tool displays a page with details for the class name you selected.

Click Cancel to return to the Classes page.

Configuring Users

As explained in "Oracle Secure Backup Users and Passwords", an Oracle Secure Backup user exists in a separate namespace from an operating system user. This section explains how to define, change, and remove Oracle Secure Backup users. It contains the following topics:

About User Configuration

When you run installob on the administrative server, Oracle Secure Backup creates the admin user by default. Unless you configured your obparameters file to create the oracle user, no other users exist in the administrative domain.

At this stage, you can optionally create new users or modify the attributes of the current users. The following user attributes are particularly important:

Preauthorizations

You can preauthorize an operating system user to make Oracle Database SBT backups through RMAN or log in to the user-invoked Oracle Secure Backup command-line utilities.

A preauthorization for an operating system user is associated with a specific Oracle Secure Backup user. For example, you can enable the Linux user muthu to log in to obtool as the Oracle Secure Backup user named backup_admin. Additionally, you could preauthorize muthu to run RMAN backups under the backup_admin identity.

Operating system accounts for unprivileged backups

An unprivileged backup is a file system backup of a client that does not run on the operating system as root (UNIX/Linux) or a member of the Administrators group (Windows). You must specify which operating system accounts are used for unprivileged backups.

Displaying the Users Page

In the Configure page, click Users to display the Users page, which is shown in Figure 4-7. This page lists all users authorized by Oracle Secure Backup along with their class names and email addresses. You can perform all user configuration tasks in this page or in pages to which it provides links.

Adding a User

The name you enter must start with an alphanumeric character. It can contain only letters, numerals, dashes, underscores, or periods. The maximum character length that you can enter is 31 characters.

The user name must be unique among all Oracle Secure Backup user names. Formally, it is unrelated to any other name used in your computing environment or the Oracle Secure Backup administrative domain. Practically, it is helpful to choose Oracle Secure Backup user names that are identical to Windows or UNIX user names.

In the Password box, enter a password. This password is used to log in to Oracle Secure Backup. The maximum character length that you can enter is 16 characters.

In the User class list, select a class. A class defines a set of rights.

In the Given name box, optionally enter a name for the user. This name is for information purposes only.

In the UNIX name box, enter a UNIX name for this account.

This name forms the identity of any non-privileged jobs run by the user on UNIX systems. If this Oracle Secure Backup user will not—or is not permitted to—run Oracle Secure Backup jobs on UNIX systems, then the user can leave this field blank.

In the UNIX group box, enter a UNIX group name for this account.

This name forms the identity of any non-privileged jobs run by the user on UNIX systems. If this Oracle Secure Backup user will not —or is not permitted to—run Oracle Secure Backup jobs on UNIX systems, then the user can leave this field blank.

In the NDMP server user box, select yes to request that Oracle Secure Backup's NDMP server accept a login from this user by using the supplied user name and password. This option is not required for normal Oracle Secure Backup operation and is typically set to no.

In the Email address box, enter the email address for the user. When Oracle Secure Backup wants to communicate with this user, such as to deliver a job summary or notify the user of a pending input request, it sends email to this address.

In the Domain name box, enter a Windows domain name. Enter an asterisk (*) in this box for all Windows domains.

In the Username and Password boxes, enter the account information for a Windows user.

Click Add to add the Windows account information. The account information appears in the Domain:Username box.

Removing a Windows Account

To remove a Windows account:

From the Windows Domain page, select the name of the Windows account from the Domain: Username box.

Click Remove.

The Web tool displays a message in the Status box informing you that the Windows account was successfully removed.

Assigning Preauthorized Access

This section explains how to grant access to Oracle Secure Backup services and data to the specified operating system user. You can preauthorize Oracle Database SBT backups through RMAN or preauthorize login to the user-invoked Oracle Secure Backup command-line utilities.

Oracle Secure Backup preauthorizes access only for the specified operating system user on the specified host. For each host within an Oracle Secure Backup administrative domain, the administrator may declare one or more one-to-one mappings between operating system and Oracle Secure Backup user identities.You can create preauthorizations only if you have the modify administrative domain's configuration right. Typically, only a user in the admin class has this right.

To assign preauthorized access:

From the Users page, select the name of the user from the User name box.

Click Edit.

The Web tool displays a page with details for the user you selected.

Click Preauthorized Access.

In the Hosts lists, select either all hosts or the name of the host to which the operating system user is granted preauthorized access.

In the OS username box, enter the operating system user account with which the Oracle Secure Backup user should access services and data. Enter an asterisk (*) or leave blank to select all users.

In the Windows domain name box, enter the Windows domain to which the operating system user belongs. The Windows domain is only applicable to preauthorized logins from a Windows host. Enter an asterisk (*) or leave blank to select all domains.

If you enter a Windows account name in the OS username box, then you must enter an asterisk, leave the box blank, or enter a specific domain.